Hi,
i'm trying to make some linux box with Netfilter + squid to securize some classrooms..
I'm running Slackware 7.1 ( kernel 2.4.0-test8 ) iptables 1.1.1 and squid 2.3.stable4.
My iptable script looks like :
/usr/local/bin/iptables -t nat -A POSTROUTING -s 192.168.73.0/24 -o eth0 -j SNAT --to aaa.bbb.ccc.ddd
/usr/local/bin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
To make my squid work as transparent i put :
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
in my squid.conf...
Normal proxying works fine if i set the proxy setting in netscape .... If i don't set this setting i get :
En essayant de charger l'URL : http://192.168.73.254/
L'erreur suivante a été rencontrée :
La connexion a échoué
Le système a retourné :
(111) Connection refused
192.168.73.254 is my netfilter/squid box ......
In the squid access.log says :
968832943.624 4 192.168.73.96 TCP_MISS/503 1133 GET http://192.168.73.254/ - DIRECT/192.168.73.254 -
it looks like squid does'nt forward my request...
In the FAQ i saw : CONFIG_IP_TRANSPARENT_PROXY=y
But i didn't sax any kind of this option in 2.4.xx kernel ......
Any idea ?
-- Etienne Roulland - CRI Universite de Poitiers -- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Wed Sep 13 2000 - 02:20:46 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:55:16 MST